By delaying automatic distribution of its Service Pack 2 upgrade for Windows XP, Microsoft Corp. has highlighted the fact that its Automatic Update service is a double-edged sword for corporate IT departments.
Automatic Update allows Windows PCs to download and install Windows updates and patches
on their own from a Microsoft server or an intermediary in an organization’s own IT shop. IT managers call it a valuable tool to keep up with software updates and guard against known security vulnerabilities, but they tend not to take full advantage of its ability to install updates automatically because of the risk that a patch will cause problems with custom software, old applications or even Windows itself.
Michael Cherry, lead analyst at Directions on Microsoft in Kirkland, Wash., said IT managers should handle patches with care. “”Microsoft is working to improve the quality of their patches,”” he said, “”but there have been patches in the past that they have had to recall or reissue because they found when they patched one thing they broke something else.””
Even Microsoft says IT managers are right to be cautious, especially with a major upgrade like Service Pack 2.
“”For sure, what an organization should be doing is testing their applications in this new environment,”” said Elliot Katz, senior product manager, Windows client, at Microsoft Canada Co. in Mississauga, Ont. Katz said an organization with an IT department or other technical expertise would be wise to install patches or updates on one or a few systems and test key applications before distributing the changes to other machines.
But if an organization is not going to do such testing, Katz said, Microsoft advises turning on Automatic Update so critical updates reach its PCs as soon as possible.
Katz said Service Pack 2 is a critical update and customers should install it as soon as possible, but Microsoft delayed offering it as an automatic update because of feedback from customers. Some customers want more time to test the changes in their environment, he said. For those who want to delay further without turning off Automatic Update, Microsoft is offering a utility on its Web site at http://www.microsoft.ca/technet/winxpsp2 that will stop the service pack from downloading. The same site contains further information about SP2, he added.
One IT manager said he is usually cautious about patches.
Francis Kopke, IT manager at Blastech in Brantford, Ont., said his company has had problems in the past — automatic updates to a server disabled a database application. Afterward the protective coatings company turned off Automatic Update on servers, though it still lets client PCs update themselves, Kopke said. That’s better than relying on users to install patches, he said, because “”most of them weren’t doing it.””
When patching servers, Kopke said, “”I always contact the (application) vendor first to make sure everything’s OK. Only the paranoid survive.””